Active Directory Security


Directory Services Protector

Comprehensive Active Directory Threat Monitoring, Detection, and Response.

Active Directory Forest Recovery

Cyber-First Disaster Recovery for Active Directory.

Purple Knight

Purple Knight is a free Active Directory security assessment tool built and managed by an elite group of Microsoft identity experts.

Directory Services Protector

Comprehensive hybrid Active Directory threat detection and response.

Business applications on-premises and in the cloud rely on Active Directory and Azure Active Directory, making it a critical piece of your IT infrastructure. But securing Active Directory is difficult given its constant flux, sheer number of settings, and increasingly sophisticated threat landscape. Protecting a hybrid system brings additional challenges as many attacks start on-premises and move to the cloud. Semperis Directory Services Protector (DSP) continuously monitors Active Directory and Azure Active Directory for indicators of exposure and provides a single view of activities on-prem and in the cloud.

Active Directory was not built to stand up against today’s threats. And protecting both on-premises AD and Azure Active Directory in a hybrid environment is notoriously difficult because the security models are completely different. Plus, attackers often move from on-premises to cloud (or vice versa) in the constant pursuit of elevated privileges—as in the SolarWinds attack. In our mobile-first, cloud-first world, any connected device can expose the heart of your IT infrastructure. You should assume that attackers are already lurking inside your network and just waiting for the opportune moment to strike. Defenders must anticipate their adversaries’ advances and be able to thwart attacks at every stage of the cyber kill chain. Meet Semperis DSP.

How can this help me?


A malicious actor gains privileged access and disables native security logs. You discover the breach within 15 minutes and disable the hijacked account. You can’t see what was changed or potentially changed, so to be safe you restore Active Directory from backup. As a result, you lose several hours or even a day’s worth of legitimate changes, and users are locked out until those changes are redone.

With Semperis DSP, you can see what was changed during those 15 minutes and immediately undo any suspicious changes – eliminating the downtime and rework associated with a backup restore.


You perform an annual risk assessment looking for Active Directory vulnerabilities in hopes of stopping an attack. However, vulnerability assessment must be an ongoing, continuous process since AD is constantly changing and attackers fully understand how to exploit these vulnerabilities.

Semperis DSP continuously scans AD for risky configurations to identify weak links in your AD deployment. Based on this assessment, Semperis DSP provides a prioritized list of vulnerabilities and trends, as well as suggested corrective actions to reduce your AD attack surface.


A user is added to a critical application group by something other than your user provisioning account. Semperis DSP allows you to define notification rules to automatically undo unexpected changes to users, groups, computers, containers, and OUs.


A service desk operator resets the wrong user’s password and changes the CEO’s password by mistake.

An operator with delegated restore permissions in Semperis DSP can immediately undo the password reset so the CEO can keep their password (without having to share it with the service desk) and doesn’t have to update their password on all the devices they use to access email, files, dashboards, etc.


A script adds the wrong users to 100+ groups. With Semperis DSP, you can quickly isolate the mistaken additions and immediately undo them all with a few mouse clicks.


You delete an OU with 1,000 users across 10 sub-OUs. With Semperis DSP, you can restore an individual object or an entire hierarchy of 1,000+ objects with a single right-click operation.


An administrator accidentally deletes a DNS zone, rendering an entire division non-functional. With Semperis DSP, you can undo changes to deleted or modified AD-integrated DNS zones as easily as user and computer objects.


A newly deployed Group Policy Object (GPO), or a GPO that was tampered with by an attacker, breaks all production servers. With Semperis DSP, you can track and compare changes and immediately roll back the GPO to the prior version.


Tracking malicious changes in a hybrid identity system is challenging. Attackers often gain entry to the on-premises Active Directory, then move to Azure Active Directory (or vice versa) before dropping malware. Without a single view of changes across the environment, detecting adversaries is difficult.

Semperis DSP provides a unified dashboard that shows malicious changes in your on-prem Active Directory and Azure Active Directory so you can close security gaps before attackers strike.


During an in-progress attack, you have no time to waste in finding and closing open security backdoors. Combing through log files is inefficient when attackers are on the move.

Semperis DSP provides powerful search functionality to accelerate forensics during and after an attack.


Established security frameworks can ensure good security hygiene but can be cumbersome to work with. DSP maps indicators of exposure and compromise to established MITRE ATT&CK and French ANSSI frameworks.


Active Directory Forest Recovery


Active Directory is in the attackers’ crosshairs

Widespread attacks exploiting Microsoft Active Directory have crippled businesses in recent years. When a ransomware or wiper attack takes out your domain controllers, recovering your forest can drag on for days or even weeks and risk malware re-infection in the process. But with Semperis Active Directory Forest Recovery (ADFR), you can get your business back in business in less than an hour. Soup to nuts.


Was your AD backup built for a different era?

So, what do you do when a cyberattack annihilates your entire Active Directory infrastructure? Well, Microsoft provides a lengthy technical guide that details the 28-step multi-threaded manual process required to recover an AD forest. Or, you could use a third-party AD backup tool that relies on bare-metal recovery (BMR). But be warned: Recovery from system state or bare-metal backups can re-introduce the infection all over again. Yikes! Don’t worry, Semperis has a solution built for the “post-NotPetya” world. The risk model for AD recovery has changed. So should your AD recovery plan.

Cyber-First Checklist

The extinction event is real.

If Active Directory is down, business stops. Period. With malware running rampant, the threat of an AD disaster is greater than ever. In many cases, domain controllers are being weaponized to spread ransomware and encrypt thousands of machines at once. And opportunistic attackers are compromising targeted networks several months before deploying the ransomware, waiting to monetize their attacks until they see the most financial gain. It’s impossible to stop every attack, especially as remote workforces rapidly expand the attack surface. But you can control how resilient you are. Your business depends on it.


Purple Knight


The hard truth is that Active Directory is a soft target for attackers attempting to steal credentials and deploy ransomware across your network. But securing Active Directory is difficult given its constant flux, the sheer number of settings, and an increasingly sophisticated threat landscape. And with easy access to powerful hacking tools, even small-time criminals can be just as dangerous as sophisticated nation-state adversaries. Purple Knight is on a mission to help organizations combat the deluge of escalating attacks targeting Active Directory. Regardless of company size or industry, we believe that security programs must be empowered to safely challenge their defenses, find weak spots, and take immediate action.

Spot weaknesses in Active Directory before attackers do.

Attackers take advantage of weak Active Directory configurations to identify attack paths, access privileged credentials, and get a foothold into target networks. Purple Knight queries your Active Directory environment and performs a comprehensive set of tests against the most common and effective attack vectors to uncover risky configurations and security vulnerabilities. You receive prioritized, corrective guidance to close gaps before they get exploited by attackers.

Minimize your attack surface and stay ahead of ever-evolving threats.

To lock down Active Directory, you must think like an attacker. Purple Knight maps pre- and post-attack security indicators to the MITRE ATT&CK framework, offering an overall risk score along with the likelihood of compromise and specific remediation steps. You can proactively harden your Active Directory against new adversary tactics and techniques with built-in threat modeling, which is constantly updated by a team of security experts.


Why not evaluate the security of your Active Directory?